Making spammers pay - Inside Line

Telecom Asia, June, 2003 by Robert Clark

How do you feel about spam? If you're a wholesale carrier, you're probably glad of the bandwidth demand it creates--but remember, you're in a minority.

If you're a heavy email user, you've probably cursed it at least once today. If you're a sysadmin you're doubtless tearing your hair out. And if you're a mass mailer, you are probably rehearsing your free speech defense right now.

Make no mistake, as unsolicited mass mail clogs the world's email servers in escalating volumes, the anti-spam drums are beating ever louder.

AOL estimates that 70%-80% of its daily traffic load is spam. Last month it upgraded its filters to block 2 billion spam a day. It also hooked up with rivals MSN and Yahoo to collaborate on anti-spam measures.

The issue is muscling its way onto the US political agenda. The US Federal Trade Commission last month convened a three-day conference on the issue, and a number of congressional anti-spam bills are pending. Now is a good time to give the issue due attention.

The problem with spam? First, it is intrusive; users didn't ask for an invitation to take out a low-interest loan. Second, it is often fraudulent and/or offensive; the FTC calculates that 66% of spare have false information in the "from" or "subject" headers.

Third, and most of all, it is a massive waste of resources. That includes users' time and disk space and the efforts of sysadmins and ISPs, and nearly $9 billion in costs last year to US corporates, according to Ferris Research.

Yet there's one more problem with spam, which is that it's fiendishly difficult to identify.

Defining spam

Sure, you and I know spare when it lands in our inbox. But one person's spam is another person's marketing message. It is part of the charm and genius of the Internet that we can have free--in all senses of the word--interchanges with others around the world.

But plenty of email is legitimate if not solicited. An editor receives dozens of press releases a day from strangers. Everyone in the telecom industry receives invitations to conferences, events, newsletters, many of which are not permissive.

The best definition of spare accepts it is non-permissive, untargeted and part of a mass mailing. But a universal definition of spam does not exist, and for this reason the law offers little redress. Regulators and police can effectively tackle spam which is fraudulent or criminal--but not that which is annoying or time-wasting.

A number of fixes are already available. First is basic network and server security. Fourteen regulators worldwide, led by the FTC, last month issued warnings in 12 languages to managers of open relay servers asking them to make their ports more secure. Spammers like to take routes through third party servers, and they can do this freely through open relay ports.

The second fix, and one which lends itself readily to individual users, is the "challenge response" mechanism. This will accept mail only from addresses on a "white list". Unrecognized senders will be asked, say, to type out a word on the page in front of them--the idea being that machines could not do so.

But while much more effective than heavy-handed content filters, challenge response systems, from firms such as Mailblocks.com and Spamarrest.com, have their own drawbacks.

Spammer pays

For one thing, they could block legitimate mailing lists. Unless the user actively adds the address to his or her white list, they may not receive their daily market analysis or celebrity news mail. The other complication is that Mailblocks CEO Phil Goldman, one of the founders of WebTV, claims to own the IP behind the concept. That is still to be worked through.

But perhaps the best fix might be economic. We don't receive mass volumes of regular postal mail because of the relative cost. The marginal cost of sending a spam is just about zero. Even with a response rate as low as 0.001% a mass mailer can make money. Washington-based writer Declan McCullagh argues for the adoption of a spammer-pays approach just as we do for pollution.

A number of charging mechanisms for spam have been proposed, including e-stamps or tokens. With these, messages from known correspondents would be accepted, but those from unknown senders would attract a small payment. The charge may not necessarily even be collected; the point being to deter unsolicited correspondents.

Even more intriguingly, the payment need not be in money at all. UK cryptographer Adam Back has proposed the idea of "Hash Cash"--of charging in burnt CPU cycles. Instead of asking an unknown sender for money, it requests his/her computer to perform a computation lasting, say, six seconds. Back says that at this rate his workstation is capable of no more than 3,750 mails per day. That's enough to slow down the most determined spammer.

The spam problem is soluble. We can make it harder for spammers by raising costs and increasing security. Just don't expect a magic bullet from legislators and lawyers.

TALK TO TELECOM ASIA

Got a news tip, a press release, a comment, a complaint for Telecom Asia? Contact the editorial team: